Language Selection

English French German Italian Portuguese Spanish

Security: Purism, SLAPP, Windows Servers, Windows at SMBs and More

Filed under
Security
  • Tamper-evident Boot Update: Making Heads More Usable

    We announced not too long ago that we have successfully integrated the tamper-evident boot software Heads into our Librem laptops. Heads secures the boot process so that you can trust that the BIOS and the rest of the boot process hasn’t been tampered with, but with keys that are fully under your control.

    Heads is cutting edge software and provides a level of security beyond what you would find in a regular computer. Up to this point though, its main user base are expert-level users who are willing to hardware flash their BIOS. The current user interface is also geared more toward those expert users with command-line scripts that make the assumption that you know a fair amount about how Heads works under the hood.

  • Keeper Security Reminds Everyone Why You Shouldn't Use It; Doubles Down On Suing Journalist

    Back in December, we wrote about a blatant SLAPP suit filed by Keeper Security against Ars Technica and its reporter Dan Goodin. Keeper makes a password manager product, and Goodin wrote an article, based on a flaw discovered by Google's Tavis Ormandy. The flaw impacted the browser extension that works with Keeper's application. Keeper took offense to certain elements of the article, and in particular to the idea that Microsoft had forced people to install the flawed software (since the flaw was actually in the browser extension, which is optional). Keeper Security also felt that the article implied that users of its software were vulnerable to a broad attack that put their passwords at risk, when the details suggested it was a more narrow (but still pretty bad) flaw that would require a specific set of circumstances to expose passwords, and there was no evidence that such a set of circumstances existed.

  • New cryptojacking attack uses Redis and NSA exploits to infect machines

    After the script completed the Redis scan, it launches another scan process named “ebscan.sh”. This time the new process uses the masscan tool to discover and infect publicly available Windows servers with the vulnerable SMB version.

  • Cyberattack risks mounting for Aussie SMBs: report

    It’s only a matter of time before Australian small businesses are hit hard by a cybersecurity attack but there are things they can do to protect themselves, according to a newly published security report.

  • Stack-register Checking

    Recently, Theo de Raadt (deraadt@) described a new type of mitigation he has been working on together with Stefan Kempf (stefan@)...

More in Tux Machines

today's howtos

KDE/Qt: Qt Contributor Summit 2018, Integrating Cloud Solutions with Qt, FreeBSD, and Konsole

  • Qt Contributor Summit 2018
    One bit especially interesting is the graphics stack. Back in Qt 5.0, Qt took the liberty of limiting the graphics stack to OpenGL, but the world has changed since: On Windows the only proper stack is Direct3D 12, Apple introduced Metal and recently deprecated OpenGL and Vulkan is coming rather strong. It looks like embracing these systems transparently will be one of the most exciting tasks to achieve. From a KDE & Plasma perspective I don’t think this is scary, OpenGL is here to stay on Linux. We will get a Framework based on a more flexible base and we can continue pushing Plasma, Wayland, Plasma Mobile with confidence that the world won’t be crumbling. And with a bit of luck, if we want some parts to use Vulkan, we’ll have it properly abstracted already.
  • Integrating Cloud Solutions with Qt
    These days, using the cloud for predictive maintenance, analytics or feature updates is a de facto standard in the automation space. Basically, any newly designed product has some server communication at its core. However, the majority of solutions in the field were designed and productized when communication technology was not at today’s level. Still, attempts are being made to attach connectivity to such solutions. The mission statement is to “cloudify” an existing solution, which uses some internal protocol or infrastructure.
  • KDE on FreeBSD – June 2018
    It’s been a while since I wrote about KDE on FreeBSD, what with Calamares and third-party software happening as well. We’re better at keeping the IRC topic up-to-date than a lot of other sources of information (e.g. the FreeBSD quarterly reports, or the f.k.o website, which I’ll just dash off and update after writing this).
  • Konsole’s search tool
    Following my konsole’s experiments from the past week I came here to show something that I’m working on with the VDG, This is the current Konsole’s Search Bar. [...] I started to fix all of those bugs and discovered that most of them happened because we had *one* search bar that was shared between every terminal view, and whenever a terminal was activated we would reposition, reparent, repaint, disconnect, reconnect the search bar. Easiest solution: Each Terminal has it’s own search bar. Setuped only once. The one bug I did not fix was the Opening / Closing one as the searchbar is inside of a layout and layouts would reposition things anyway. All of the above bugs got squashed by just moving it to TerminalDisplay, and the code got also much cleaner as there’s no need to manual intervention in many cases. On the review Kurt – the Konsole maintainer – asked me if I could try to make the Search prettier and as an overlay on top of the Terminal so it would not reposition things when being displayed.

LibreOffice 6.0 Is Now Ready for Mainstream Users and Enterprise Deployments

LibreOffice 6.0.5 is here one and a half months after the LibreOffice 6.0.4 point release to mark the open-source office suite as ready for mainstream users and enterprise deployments. The Document Foundation considers that LibreOffice 6.0 has been tested thoroughly and that it's now ready for use in production, enterprise environments. Until now, The Document Foundation only recommended the LibreOffice 6.0 office suite to bleeding-edge users while urging enterprises and mainstream users to use the well-tested LibreOffice LibreOffice 5.4 series, which reached end of life on June 11, 2018, with the last point release, LibreOffice 5.4.7. Read more

LibreOffice 6.0 Is Now Ready for Mainstream Users and Enterprise Deployments

The Document Foundation informed Softpedia today about the general availability of the fifth point release of the LibreOffice 6.0 open-source and cross-platform office suite for all supported operating systems. LibreOffice 6.0.5 is here one and a half months after the LibreOffice 6.0.4 point release to mark the open-source office suite as ready for mainstream users and enterprise deployments. The Document Foundation considers that LibreOffice 6.0 has been tested thoroughly and that it's now ready for use in production, enterprise environments. Read more Direct: The Document Foundation announces LibreOffice 6.0.5